House Judiciary OKs EU Citizen Privacy Suit Bill

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jimmy H. Koo

Sept. 17 — The House Judiciary Committee Sept. 17 unanimously approved a bill (H.R. 1428), which would grant European Union citizens limited access to U.S. courts to allege government misuse of their personal data transferred to the U.S.

The enactment of the legislation is a prerequisite for a recently negotiated general U.S.-EU law enforcement data-sharing agreement to take effect and may smooth relations that frayed after revelations about the scope of U.S. government surveillance operations, a move that would help U.S. companies doing business in the EU.

The Judicial Redress Act, which was introduced by Rep. Jim Sensenbrenner Jr. (R-Wisc.), would authorize the Department of Justice to designate certain foreign countries, whose citizens could bring civil actions in U.S. courts under the Privacy Act.

The judicial redress bill is “critical” in ensuring cooperation between the U.S. and the EU and to preserve U.S. companies' ability to do business in Europe, Committee Chairman Rep. Robert W. Goodlatte (R-Va.) said during the committee markup.

Committee Ranking Member Rep. John Conyers Jr. (D-Mich.)—an original cosponsor of the legislation—said that passing the bill is “unquestionably the right thing to do for the nation's closest allies.” Considering that many European countries provide similar redress to U.S. citizens, “it's a matter of basic fairness,” he said.

Privacy, Security Not Competing

Sensenbrenner added that the bill is necessary to ensure continued sharing of law enforcement data between the U.S. and EU. “Privacy and security are not competing values,” he said.

An umbrella agreement on data protection safeguards for personal data transferred to the U.S. for law enforcement purposes was initialed by U.S. and EU officials Sept. 8. 

In addition to the right of redress, the umbrella agreement includes provisions on purpose limitation; data retention periods; the right for individuals to access their data and seek rectification; and a prohibition of the onward transfer of data without the consent of authorities in the country in which the data originated.

Surveillance Concerns 

EU citizen redress has been a hot button topic in particular after revelations from Edward Snowden, a former employee of a U.S. National Security Agency contractor, about U.S. surveillance practices.

The lack of a redress mechanism has also been of concern in negotiations over improving the U.S.-EU Safe Harbor Program. Under the program, companies can transfer EU citizens' data to the U.S. if they self-certify their compliance with privacy principles similar to those contained in the EU Data Protection Directive (95/46/EC). Over 4,000 U.S. companies are registered under the program administered by the U.S. Commerce Department.

In a Sept. 17 statement, Gary Shapiro, president and chief executive officer of the Consumer Electronics Association, lauded the Judiciary Committee's approval of H.R. 1428. The legislation is important to rebuild trust because after the Snowden revelations “our overseas customers lost trust in American businesses,” and that made U.S. companies less competitive globally, he said.

During the markup, Rep. Ted Poe (R-Tex.) raised concerns that other personal data handling reforms are “lagging.” He referred to a Senate bill (S.356) that would overhaul the Electronic Communications Privacy Act by requiring law enforcement to obtain a search warrant and show probable cause before accessing U.S. citizens' e-mail data stored in the cloud.

The Securities and Exchange Commission Sept. 16 opposed S. 356, saying that it would impede civil law enforcement agencies, such as the SEC, from pursing financial fraud and other misconduct.

To contact the reporter on this story: Jimmy H. Koo in Washington at

To contact the editor responsible for this story: Donald G. Aplin at

H.R. 1428, as considered by the committee during the markup session, is available at


Request Bloomberg Law: Privacy & Data Security